Wednesday, August 26, 2020

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Related posts

  1. Pentest Tools Alternative
  2. Hacker Hardware Tools
  3. Hacker Tools Online
  4. Hacking Tools Software
  5. Hacking Tools Windows 10
  6. Pentest Tools Alternative
  7. Pentest Tools Kali Linux
  8. Pentest Tools Alternative
  9. How To Make Hacking Tools
  10. Android Hack Tools Github
  11. Hacking Tools For Kali Linux
  12. Pentest Box Tools Download
  13. Hacking Tools For Windows Free Download
  14. Hack Rom Tools
  15. Hack Tool Apk
  16. Pentest Tools For Windows
  17. Pentest Tools For Windows
  18. Pentest Recon Tools
  19. Hacker Tools Software
  20. Nsa Hack Tools
  21. Hacking Apps
  22. Hacker Tools 2019
  23. Pentest Automation Tools
  24. Hacking Tools Software
  25. Pentest Tools Framework
  26. Hack App
  27. Pentest Tools Kali Linux
  28. Pentest Tools List
  29. Hacker Tools For Pc
  30. Hacker Techniques Tools And Incident Handling
  31. Hacker Tools Windows
  32. Pentest Tools Website
  33. Hacker Tools 2019
  34. Pentest Tools Download
  35. Hack Tools For Windows
  36. Hacker Tools For Pc
  37. Hacking Tools
  38. Hacking Tools Windows
  39. Pentest Tools Alternative
  40. Hacking App
  41. Best Hacking Tools 2020
  42. Pentest Automation Tools
  43. Hackers Toolbox
  44. Physical Pentest Tools
  45. Hack Tools Online
  46. Game Hacking
  47. Github Hacking Tools
  48. Hacking Tools Name
  49. Pentest Tools Find Subdomains
  50. Hack And Tools
  51. Pentest Tools Tcp Port Scanner
  52. Hacking Tools 2019
  53. Hack Tools For Pc
  54. Hacking Tools For Windows
  55. Pentest Tools Download
  56. Hacking Tools Online
  57. Github Hacking Tools
  58. Hacking Tools Free Download
  59. Hacker Search Tools
  60. What Is Hacking Tools
  61. Hackrf Tools
  62. Game Hacking
  63. Pentest Box Tools Download
  64. Hacker Search Tools
  65. Hack Tools Mac
  66. Pentest Tools Windows
  67. Pentest Tools Online
  68. Wifi Hacker Tools For Windows
  69. Pentest Tools Port Scanner
  70. Hacking Tools 2020
  71. Physical Pentest Tools
  72. Pentest Box Tools Download
  73. Hackers Toolbox
  74. Hacker Tools Free Download
  75. Hacking Tools Kit
  76. Pentest Tools Github
  77. Pentest Tools Review
  78. How To Install Pentest Tools In Ubuntu
  79. Hacks And Tools
  80. Pentest Tools Linux
  81. Game Hacking
  82. Computer Hacker
  83. Pentest Tools For Mac
  84. What Are Hacking Tools
  85. New Hack Tools
  86. Top Pentest Tools
  87. Pentest Tools For Ubuntu
  88. Hack Tools Online
  89. Hacker Tools For Windows
  90. Hacker Tools Github
  91. Hacking Tools Mac
  92. Bluetooth Hacking Tools Kali
  93. Hacking Tools Kit
  94. Hacking Tools For Windows Free Download
  95. Hackrf Tools
  96. Nsa Hack Tools Download
  97. Hacker Tools Windows
  98. Hacker Hardware Tools
  99. Pentest Tools Website
  100. Hack Apps
  101. Pentest Recon Tools
  102. Tools 4 Hack
  103. Hacker Tools 2020
  104. Best Hacking Tools 2019
  105. Pentest Tools Linux
  106. Pentest Tools Website
  107. Hacker Tools Free
  108. Hacker Tools Online
  109. Pentest Tools
  110. Hack Tool Apk No Root
  111. Pentest Tools Apk
  112. Pentest Tools Linux
  113. Hacking Tools For Windows
  114. Pentest Tools Tcp Port Scanner
  115. Hack Tools Pc
  116. How To Install Pentest Tools In Ubuntu
  117. Hacking Tools 2020
  118. Hack Tools
  119. Hacker Tools Hardware
  120. Hacker Tools Mac
  121. Pentest Tools Alternative
  122. Pentest Tools Android
  123. Hacking Tools Free Download
  124. Ethical Hacker Tools
  125. Hacking Tools Download
  126. Hacker Security Tools
  127. Hak5 Tools
  128. Hacker Tools Windows
  129. Hacking Tools For Mac
  130. Hacker Security Tools
  131. Computer Hacker
  132. Hacking Tools 2020
  133. World No 1 Hacker Software
  134. Hacking Tools For Windows 7
  135. Hack Tools For Windows
  136. Hacking Tools Hardware
  137. Hak5 Tools
  138. Pentest Tools For Mac
  139. Usb Pentest Tools
  140. Tools For Hacker
  141. Hacker Tools Apk
  142. Pentest Tools For Android
  143. Pentest Tools Free
  144. Nsa Hack Tools Download
  145. Hacking Tools Hardware
  146. Hacker Tools Free
  147. Nsa Hack Tools Download
  148. Hacker Security Tools
  149. Hack Tools For Windows
  150. Pentest Tools Android
  151. Hacking Tools For Beginners
  152. Pentest Tools Tcp Port Scanner
  153. Pentest Tools Android
  154. How To Install Pentest Tools In Ubuntu
  155. Github Hacking Tools
  156. Best Hacking Tools 2020
  157. Hack Tools For Mac
  158. Pentest Reporting Tools
  159. Hack Tools
  160. Pentest Tools Github
  161. Pentest Reporting Tools
  162. Pentest Tools For Mac
  163. Best Hacking Tools 2019
  164. Hacking Tools
  165. Hacker Techniques Tools And Incident Handling
  166. Hacking Tools Mac
  167. Install Pentest Tools Ubuntu
  168. Hacker Tools For Windows
  169. Pentest Tools List
  170. What Is Hacking Tools
  171. Hacking Tools For Kali Linux
  172. Hacking Tools For Windows 7
  173. Hacker Tool Kit
  174. Hacker
  175. New Hacker Tools
Posted by at

1 comment:

  1. felisha greenMarch 11, 2021 at 7:57 AM

    Do you need to increase your credit score?
    Do you intend to upgrade your school grade?
    Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
    Do you need any information concerning any database.
    Do you need to retrieve deleted files?
    Do you need to clear your criminal records or DMV?
    Do you want to remove any site or link from any blog?
    you should contact this hacker, he is reliable and good at the hack jobs..
    contact : cybergoldenhacker at gmail dot com

    ReplyDelete

Subscribe to: Post Comments (Atom)